Cybersecurity


Cloud Computing

Premium

Toeing the ‘fine line’ of cloud security compliance

2024-02-14T22:26:00+00:00By

When organizations move their data or operations to the cloud, the compliance team has their work cut out and then some, experts discussed at CW’s Cyber Risk & Data Privacy Summit.

Health data

News Brief

Montefiore Medical Center to pay $4.8M over employee’s data theft

2024-02-07T21:51:00+00:00By

Montefiore Medical Center agreed to pay $4.75 million to settle allegations by the Department of Health and Human Services’ Office for Civil Rights that failures by the New York City nonprofit facility allowed an employee to steal and sell patient information for six months.

Google HQ

News Brief

Alphabet to pay shareholders $350M over Google+ privacy lapses

2024-02-07T18:00:00+00:00By

Alphabet, the parent company of technology giant Google, agreed to pay $350 million in a preliminary settlement with shareholders over alleged data privacy violations and materially false and misleading statements linked to now-defunct social media site Google+.

Data breach

Premium

Experts: Good data breach response grounded in preparation

2024-02-06T15:24:00+00:00By

Two chief compliance officers and an attorney discussed preparation for the “when, not if” threat of a data breach during a panel at CW’s Cyber Risk & Data Privacy Summit.

News Brief

Clorox discloses $49M hit from cyberattack

2024-02-05T21:50:00+00:00By

Cleaning products company Clorox disclosed the major cybersecurity incident that led to a shutdown of its automated order processing late last year has cost it about $49 million.

Blackbaud

News Brief

Blackbaud avoids fine in FTC deal requiring data deletion

2024-02-02T19:01:00+00:00By

Software company Blackbaud will be required to delete unnecessary data and boost cybersecurity as part of a proposed settlement with the Federal Trade Commission stemming from a 2020 data breach.

Citi

News Brief

N.Y. sues Citi for lax data security, failing to reimburse fraud victims

2024-01-31T19:27:00+00:00By

Citibank faces a lawsuit from New York Attorney General Letitia James for allegedly failing to protect and reimburse customers who lost thousands of dollars in fraudulent wire transfers.

Cyber locks

Premium

Consultation opens debate on proposed U.K. cyber governance code

2024-01-30T15:54:00+00:00By

Cybercrime is regularly cited as a leading concern for executives, yet board oversight of cyber risks is often inadequate and governance poorly understood, according to the authors of a proposed U.K. code of practice on cybersecurity governance.

DOJ

Premium

New DOJ cyber section wants more private sector partnership

2024-01-24T23:23:00+00:00By

Cooperation between businesses and the new cybersecurity section at the Department of Justice has led to the successful defanging of numerous, major ransomware operations worldwide in just the few months since its creation, according to its chief.

Computer hacked

Premium

OFAC official urges company transparency on ransomware events

2024-01-19T21:59:00+00:00By

Despite its reputation as a fierce enforcer of sanctions, the Office of Foreign Assets Control has a softer side and wants to help companies that are hit with ransomware attacks, according to the agency’s senior compliance officer.

VF

News Brief

VF discloses data breach impacted 35.5M customers

2024-01-19T19:40:00+00:00By

Apparel company VF Corp., the owner of brands including The North Face, Vans, and Timberland, disclosed its estimate that approximately 35.5 million customers had their personal data stolen as part of a cybersecurity incident it uncovered in December.

Robinhood

News Brief

Robinhood Financial to pay $7.5M in Mass. settlement

2024-01-18T20:54:00+00:00By

Online stock trading platform and broker-dealer Robinhood Financial agreed to pay a $7.5 million fine as part of a settlement with the Commonwealth of Massachusetts addressing claims related to “gamification” of its platform and cybersecurity issues that led to a 2021 data breach.

News Brief

Genesis Global Trading fined $8M by NYDFS over AML, cyber lapses

2024-01-16T18:24:00+00:00By

Virtual currency brokerage firm Genesis Global Trading agreed to pay an $8 million penalty levied by the New York State Department of Financial Services for alleged compliance failures that left it vulnerable to illicit activity and cybersecurity threats.

Cybercrime

Premium

NIST report: Mitigating the risks of cyberattacks on AI systems

2024-01-11T21:11:00+00:00By

Cyberattacks on artificial intelligence systems are increasing, so it’s important users know their vulnerabilities and try to soften the damage if they get hit, according to a new report by the National Institute of Standards and Technology.

Deepfakes

Premium

Deepfakes: A silent threat to digital integrity and AML efforts

2024-01-11T13:00:00+00:00 By Rezaul Karim, CW guest columnist

Deepfakes have emerged in the digital world as a silent pandemic threatening not only our digital integrity but becoming a major risk to anti-money laundering efforts.

California

Premium

CPPA preview: Cybersecurity audit regs nearing formal proposal

2024-01-09T20:16:00+00:00By

Companies with business in California could face tough new cybersecurity mandates under draft regulations that could be headed for formal rulemaking as soon as Friday.

FINRA New York

News Brief

FINRA report: Exam trends on off-channel comms, crypto, cybersecurity

2024-01-09T18:09:00+00:00By

A new report from the Financial Industry Regulatory Authority provides observations from examiners on emerging issues affecting the industry, including surveilling potential use of off-channel communications by employees, crypto-asset developments, cybersecurity trends, and more.

Webcast

CPE Webcast: If it’s not auditable, is it real?

2024-01-09T14:00:00+00:00Provided by

Learn the importance of creating a unified environment to keep up with compliance regulations and how critical having a central source of information is for compliance professionals.

Cybersecurity

News Brief

CMMC implementation plan takes shape in proposed rule

2023-12-28T16:28:00+00:00By

The Department of Defense released for comment a proposed rule setting guidelines for implementation of the Cybersecurity Maturity Model Certification program.

Resource

White paper: Empowering Cybersecurity Governance and Disclosures

2023-12-18T17:45:00+00:00Provided by

Do you have a clear vision of what ‘good’ means when it comes to managing governance and your security program? Setting the right targets for your organization is crucial.

Binance

Premium

Top ethics and compliance failures of 2023

2023-12-14T15:00:00+00:00By

A virtual currency exchange that sought to mislead regulators, banks failing after ignoring obvious risks, and a manufacturer that sold millions of its products in violation of U.S. export controls are among those that make up CW’s list of the biggest ethics and compliance fails of 2023.

Data privacy

Premium

Experts: More privacy rules, enforcement expected in 2024

2023-12-14T11:30:00+00:00By

Businesses can prepare for a bumpy ride as the 2024 global landscape of data privacy and other related laws and regulations begins to take shape.

Cyber-security

News Brief

DOJ sets expectations for SEC cyber incident disclosure delays

2023-12-13T18:04:00+00:00By

Companies won’t have an easy path toward earning additional time from the Department of Justice regarding the disclosure of a material cybersecurity incident to the Securities and Exchange Commission as required under a new rule.

FBI logo

News Brief

FBI guidance: How to earn delay on SEC cyber incident disclosures

2023-12-11T19:29:00+00:00By

Businesses seeking additional time before disclosing to the Securities and Exchange Commission the occurrence of a material cybersecurity incident must be prepared to provide detailed information on the matter to the Federal Bureau of Investigation.

Working with AI

Premium

AI in 2024: More business use, more fraud risks

2023-12-08T21:42:00+00:00By

Use of generative artificial intelligence by businesses will ramp up in 2024, as will risk of AI-driven cyberattacks and fraud, according to experts.

Phishing

News Brief

Lafourche Medical Group to pay $480K in landmark HHS phishing action

2023-12-08T16:48:00+00:00By

Louisiana-based Lafourche Medical Group agreed to pay $480,000 as part of the first phishing attack-related settlement the Department of Health and Human Services’ Office for Civil Rights has reached under the Health Insurance Portability and Accountability Act.

Cybersecurity

News Brief

HHS: New cybersecurity regs on the way for hospitals

2023-12-07T18:34:00+00:00By

Hospitals can soon expect to see new draft cybersecurity regulations and benchmarking goals, according to the Department of Health and Human Services.

Privacy data access

News Brief

First American fined $1M by NYDFS over 2019 cybersecurity breach

2023-11-29T19:05:00+00:00By

First American Title Insurance Company agreed to pay a $1 million fine and implement stronger compliance measures for not securing customers’ personal data, the New York State Department of Financial Services announced.

Australian Parliament

News Brief

Australia seeks help from businesses under ‘bold and ambitious’ cyber strategy

2023-11-27T21:12:00+00:00By

Australia released an updated cybersecurity strategy that will rely more heavily on public-private partnerships to support the country’s cyber defense efforts.

News Brief

CISA guidance provides cyber risk mitigation strategies for healthcare

2023-11-20T19:26:00+00:00By

New guidance released by the Cybersecurity and Infrastructure Security Agency offers best practices for organizations in the healthcare and public health sector to adopt to combat rising cyber threats.

Morgan Stanley

News Brief

Morgan Stanley settles with states for $6.5M over mishandled data

2023-11-17T21:10:00+00:00By

Morgan Stanley agreed to pay $6.5 million as part of a settlement with six states requiring the firm to strengthen its data security after actions it took compromised the personal data of millions of customers.

New York healthcare

News Brief

N.Y. hospitals face stiff cybersecurity requirements under proposed rules

2023-11-15T21:09:00+00:00By

New York hospitals would be required to have a cybersecurity program that includes regular cyber risk assessments under newly proposed regulations.

UBS

News Brief

Merged UBS, AI on FINMA’s risk radar

2023-11-10T15:16:00+00:00By

A year of significant change in the Swiss banking sector, including the acquisition of Credit Suisse by UBS, has the country’s financial regulator prioritizing new risk areas on its radar.

NYC skyline

News Brief

Amended N.Y. cyber regs up pressure on financial firms to combat risks

2023-11-03T10:03:00+00:00By

New York will require financial institutions to conduct risk assessments more often and improve governance under a broad update to the state’s cybersecurity regulations.

Health data

News Brief

Medical management company to pay $100K in landmark HHS ransomware case

2023-11-01T22:10:00+00:00By

Doctors’ Management Service agreed to pay $100,000 in settling the first ransomware agreement under the Health Insurance Portability and Accountability Act reached by the Department of Health and Human Services’ Office for Civil Rights.

SolarWinds building

News Brief

SolarWinds cries SEC ‘overreach’ in fraud lawsuit against company, CISO

2023-10-31T17:52:00+00:00By

SolarWinds will contest a lawsuit brought by the Securities and Exchange Commission against it and its chief information security officer alleging fraud and internal control failures related to the software company’s cyberattack reported in 2020.

FTC seal

News Brief

FTC tweaks Safeguards Rule to address data breaches

2023-10-30T14:28:00+00:00By

Nonbank financial institutions must report certain data breaches to the Federal Trade Commission within 30 days of discovery under a new amendment to the agency’s Safeguards Rule.

Webcast

CPE Webcast: Reinforce your defenses with strong cybersecurity compliance training

2023-10-26T14:00:00+01:00Provided by

Join this webinar, where compliance training experts will outline the strategy behind a solid cybersecurity defense to mitigate risks for your organization, starting with your compliance training program.

Premium

Survey: Risk chiefs feeling pressure from growing compliance mandates

2023-10-25T18:04:00+01:00By

Mounting compliance requirements and technological innovations have chief risk officers facing more complex risk environments, according to a KPMG survey.

Webcast

CPE Webcast: Unprepared for SEC cyber disclosures? You can get through this

2023-10-24T14:00:00+01:00 Provided by HALOCK Security Labs

Learn what cybersecurity strategy, governance, and risk management are and how to use an emerging definition for reasonable cybersecurity controls to help you define materiality.

Computer hacked

Premium

Risk models show finance, real estate most likely to face costly cyber events

2023-10-19T20:59:00+01:00By

The finance and real estate industries are at higher risk of experiencing a high-cost material cybersecurity incident compared to other sectors, according to new research from risk modeling firm Kovrr based on data from U.S. Fortune 1,000 companies.

Cybersecurity

News Brief

UAE joins pact with U.S. on cybersecurity cooperation

2023-10-17T22:12:00+01:00By

The United States and United Arab Emirates finalized an agreement to work together to safeguard the financial sector from cyberattacks.

Cybersecurity network

Premium

Modern-day enterprises: How to prepare for and prove network compliance

2023-10-17T13:46:00+01:00 By Matt Honea, CW guest columnist

The need to prove network compliance is intensifying as lawmakers introduce new privacy legislation and organizations update their contractual security requirements for third-party vendors.

Blackbaud

News Brief

Blackbaud settles with states for $49.5M over 2020 data breach

2023-10-16T21:16:00+01:00By

Software company Blackbaud agreed to pay $49.5 million in a multistate settlement addressing charges related to a 2020 cyberattack that exposed the personal data of approximately 13,000 consumers.

SEC

News Brief

Cybersecurity, AML risks among SEC 2024 exam priorities

2023-10-16T20:52:00+01:00By

SEC examiners will be asking tough questions of registered firms regarding how they handle risks related to operational security, interact with financial technology companies and crypto assets, and the maturity of their anti-money laundering programs.

Equifax

News Brief

FCA fines Equifax’s U.K. unit $13.3M over 2017 data breach

2023-10-13T18:57:00+01:00By

The Financial Conduct Authority fined Equifax’s U.K. unit more than £11 million (U.S. $13.3 million) regarding the company’s 2017 data breach that affected approximately 13.8 million U.K. consumers.

Croatia

News Brief

EOS Matrix battles back against Croatian DPA in $5.8M GDPR case

2023-10-13T14:39:00+01:00By

Debt collector EOS Matrix said it will challenge a General Data Protection Regulation penalty levied against it by the Croatian data protection authority after finding the data in question in the case does not match the data in its database.

Online Database

Premium

Expert: How data hoarding increases businesses’ cyber risks

2023-10-11T20:21:00+01:00By

Holding on to data for longer than necessary creates vulnerabilities for businesses by giving cyberattackers more avenues to access an organization’s computer systems.

OCC

Premium

OCC examiners to focus 2024 attention on risks that led to bank failures

2023-10-10T14:00:00+01:00By

Bank examiners from the Office of the Comptroller of the Currency are focusing their supervision attention on how banks manage risks that brought down three mid-sized financial institutions earlier this year.

MGM Resorts

News Brief

MGM discloses $100M hit from cyberattack

2023-10-06T17:38:00+01:00By

MGM Resorts International said it expects to take a $100 million hit as part of the fallout of a cyberattack that has most significantly impacted its Las Vegas operations.